In today’s rapidly evolving cybersecurity landscape, businesses face an ever-growing array of threats that can compromise their data, IT systems, and reputation. As organizations strive to navigate these challenges, many choose to leverage VMware Cloud on AWS with industry-leading security and compliance programs to help safeguard their VMware Software Defined Data Center (SDDC) against potential exploits.
1. Robust Security Measures
VMware by Broadcom’s continued investments in vulnerability management and compliance programs help to protect against cyber threats, comply with strict regulatory guidelines, and to maintain the trust of customers and stakeholders. VMware Cloud on AWS has established itself as a dependable cloud service provider focused on delivering a reliable and secure service.
2. Compliance Assurance
Vulnerability management is core to VMware Cloud on AWS service and VMware by Broadcom is contractually obligated to maintain the security of the service. The VMware Cloud on AWS service undergoes recurring independent third-party audits to provide assurance that VMware by Broadcom has implemented industry-leading security controls, processes, and operating procedures to maintain a highly secure service. VMware Cloud on AWS has been successfully assessed by these fundamental industry and government compliance requirements: HIPAA, ISO 9001, ISO 27001, ISO 27017, ISO 27018, IRAP, ISMAP, MTCS, OSPAR, PCI-DSS, and SOC 2.
3. Proactive Vulnerability Management
A comprehensive vulnerability management program is paramount to effectively mitigating cybersecurity risks. The VMware Cloud on AWS vulnerability management team operates around the clock to proactively scan for, identify, and remediate vulnerabilities, preventing potential exploitation by malicious actors. This proactive approach enhances the overall security posture of all customers, minimizing the likelihood of security breaches in cloud infrastructure.
4. VMware Cloud on AWS is more than just vSphere: Customized Codebase
Unlike standard VMware vSphere implementations, VMware Cloud on AWS operates on a customized codebase designed specifically for a managed cloud service. The VMware Cloud on AWS service enhances operational efficiency and reliability, ensuring seamless integration with existing VMware systems and AWS native services. Unique differences in VMware Cloud on AWS’s code base, architecture, and access restrictions to the cloud platform reduce our systems’ attack surface, resulting in being less prone to vulnerabilities that might affect typical vSphere deployments.
5. Patch Management and Upgrades
The VMware Cloud on AWS service mitigates vulnerabilities throughout each SDDC system’s lifecycle, while minimizing impact on client workloads during patching and upgrades. Micro patches and temporary mitigations are developed by VMware Cloud on AWS to quickly address cloud infrastructure vulnerabilities. The micro patch approach minimizes the window of exposure to potential threats, enhancing the security resilience of organizations leveraging the service. When validated patches become available, VMware Cloud on AWS teams begin patch testing and deployment. Patching workflows to address high and critical severity issues are started immediately.
In scenarios where micro patches are not possible, VMware Cloud on AWS ensures all production release versions are promptly updated to incorporate necessary long-term code fixes. Upgrades are automated for all customers fleetwide within our Lifecycle Management System to maintain the desired state configuration. Lifecycle Management automation improves upgrade performance and reduces impact on client workloads by frequently introducing a maintenance host to increase available compute resources. You can learn more about the VMware Cloud on AWS Lifecycle management in this deep dive technical article.
6. Customer-Centric Approach – Communication
VMware Cloud on AWS prioritizes transparency by promptly notifying customers about newly published VMware Security Advisories (VMSAs) that affect vCenter or ESXi. This in-console communication provides timely information about any VMware Cloud on AWS systems impact. To ensure that customers are aware of any security risks, notifications include relevant mitigation status and include instructions if any customer action is required. You can check out the recent example of our vulnerability management efforts to address VMSA-2024-0006, published by VMware by Broadcom on March 5, 2024, that discloses vulnerabilities identified by CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255. Because of the prompt notification to all VMware Cloud on AWS customers, indicating that there was no impact on the customer’s SDDC, customers were able to focus on their priorities while the VMware Cloud on AWS team took care of the security of their cloud infrastructure.
Summary
With a proven track record of rapid vulnerability patching, VMware Cloud on AWS reliably ensures timely updates and protection against new vulnerabilities. By enhancing the overall security posture of the cloud platform, the VMware Cloud on AWS service enables customers to navigate the evolving cybersecurity landscape with confidence, without compromising on security.